Explainable Anomaly Detection in Network Traffic Using LLM
Network anomaly detection is essential for modern cybersecurity, yet existing systems often generate numerous alerts without clear explanations, leading to inefficiencies and high false-positive rates. This paper proposes a novel approach that integrates Large Language Models (LLMs) with an anomaly detection framework to enhance explainability in network traffic analysis. Instead of directly detecting anomalies, the LLM only interprets already flagged anomaly events, providing insights into their potential root causes. Our method reduces LLM overusage while improving decision-making for security analysts. We evaluated our approach using real-world network traffic data, demonstrating its ability to enhance situational awareness, reduce false positives, and support more effective cybersecurity practices.
Keywords: anomaly detection, network security, network traffic monitoring, time series, large language models, explainable security
@inproceedings{BUT196524,
author="Kamil {Jeřábek} and Josef {Koumar} and Jiří {Setinský} and {}",
title="Explainable Anomaly Detection in Network Traffic Using LLM",
booktitle="38th IEEE/IFIP Network Operations and Management Symposium, NOMS 2025",
year="2025",
pages="6",
publisher="IEEE Communications Society",
address="Honolulu",
doi="10.1109/NOMS57970.2025.11073574",
isbn="979-8-3315-3164-5"
}